Update....turned the state type to 'none' on lan side only, wan side only, both wan and lan....still getting the same results.
On Sun, Mar 15, 2009 at 8:01 AM, Brad Gillette <[email protected]>wrote: > Do I need to change rules on the LAN side only to 'no state'? > > > On Sat, Mar 14, 2009 at 11:05 PM, Chris Buechler <[email protected]> wrote: > >> On Sat, Mar 14, 2009 at 8:57 PM, Brad Gillette <[email protected]> >> wrote: >> > >> > I've ran into another problem...when I change the LAN ip address, it >> appears >> > that the firewall rule for the LAN has to be changed. The default rule >> that >> > exists there, LAN Net to any, doesn't work anymore and has to changed to >> > reflect the subnet of the new range. >> > >> >> LAN subnet as specified in firewall rules changes when the LAN subnet >> changes. If you are using that rather than specifying the actual >> network, it will properly update automatically when you apply changes >> on a LAN IP change. I've done that on numerous occasions and just did >> it again and verified it does update properly. >> >> >> > I wonder if there is a way to disabe >> > 'stateful packet inspection'. >> > >> >> Add rules with "no state". What most people run into is asymmetric >> routing as someone noted earlier in this thread. If the firewall >> doesn't see both directions of the network traffic, it can't properly >> stateful filter. In 1.2.1 and newer it's tighter as the newer pf >> defaults to flags S/SA on pass rules. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> Commercial support available - https://portal.pfsense.org >> >> >
